<?php
/*
 * Author: Quan Van Sinh
 * Email: sinhvnb@vietnambiz.com
 */
function login($username, $password){
    global $DB;
    $password = md5($password);
    $username = mysql_escape_string($username);
    $rsUser = $DB->query_first("SELECT id,username, password FROM user WHERE username='$username' AND password='$password' AND active=1");
    if($rsUser){
        $_SESSION['userid']   = $rsUser['id'];
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $password;
        return true;
    }else{
        return false;
    }
}

function checkLoginReturn(){
    global $DB;
    if(isset($_SESSION['username'])){
        $rsUser = $DB->query_first("SELECT username, password FROM user WHERE username='".filter($_SESSION['username'])."' AND password='".filter($_SESSION['password'])."' AND active=1");
        if($rsUser){
            return true;
        }else{
            return false;
        }
    }else{
        return false;
    }
}
?>
